Digital data networks have become a ubiquitous part of business, commerce, and personal life throughout the United States and the world. The public Internet and private local area networks (LANs) have become increasingly important backbones of data communication and transmission. Email, file access and sharing, and services access and sharing are but a few of the many data communication services and applications provided by such networks.
In their early expansion, those networks were typically accessed by fixed users communicating through electronic access terminals such as laptop and desktop computers, over wireline connections. With the recent spread of wireless local area networks (WLANs) and popularity of portable electronic access terminals, such as laptops and personal digital assistants (PDAs), an increasing proportion of users have taken a nomadic nature: a growing number of users now carry at least one personal electronic access terminal and seek instant yet temporary network access at a variety of locations with whom they have neither previous accounts nor long term relationships. This is especially true of corporate users who often seek network access at visited corporations, airports, hotels, restaurants, and others.
To this date, technology advances in network access equipment and systems have mainly focused on enabling access for fixed users connecting over residential or business broadband and dial up Internet lines; as well as mobile employees connecting over wireless local area networks (WLANs) stretching across their corporate premises. In the latter case, security issues inherent to the nature of wireless networks have prompted large academic, industry and standardization activities for the development of new technologies that can enable secure access over such networks. Particularly, the focus is on securing the communication channels themselves through encryption protocols (WEP, TKIP, AES and others), and introducing robust authentication mechanisms to authorize and track user access to the network. In those cases, users are assumed to be employees or known individuals with long term relationships with the corporation or preexisting accounts, and often preconfigured electronic access terminals such as laptop and desktop computers and personal digital assistants (PDAs). This is especially trues of employees with a long term and often contractual relationship with their employers.
Less effort was dedicated to infrastructures that can support nomadic users with a need for instant and temporary access at foreign networks where such users have neither previous accounts nor a long term relationship with the network provider. While current WLAN technologies can be made open to any user, known or unknown, concerns for the security, reliability and integrity of the host network, especially one that builds on a larger corporate data system, make most network providers hesitant to providing guest access for unknown nomadic (or guest) users. Network providers therefore have an understandable need for traceability of access and verification of user identity, especially for guest users. Additionally, any solution to the problem of short term guest access must allow controlled access once a user has been identified, restrict access to un-identified users, protect the corporate LAN from attack, provide simplicity both for the end user and for IT personnel, minimize costs and meet user privacy expectations, that are increasingly guaranteed by new legislation.
A number of solutions are in use today to address the problem of providing temporary guest access. The simplest approach is the one described above, namely providing open access to any user, known or unknown. Obviously, such an approach removes any form of traceability and identity verification, and poses security and reliability threats to the underlying corporate network.
Another method consists in IT personnel on site providing temporary guest IDs. This method may provide traceability since guests may have to at least provide their name to obtain a temporary ID. However, it introduces the cost of assigning IT personnel to this task as well as provides direct access to the private corporate network thus violating the need for protecting that network from foreign users.
A third solution is to assign a few computers on the network for guests. In addition to the cost for IT personnel of maintaining the units, this solution provides no traceability whatsoever; it also forces guest users to abandon their own electronic terminal thus complicating if not eliminating access to their electronic material and remote corporate networks.
Yet another solution is to force guest attempting access within a wireless local area network (WLAN) hotspot to go through a web based registration page. Users are instructed to provide varying levels of personal information such as name, email address, telephone number, and others. Users are then granted access through the account that has been created for them by the system based on the information they have provided. While convenient for the users, such a setup in fact provides no traceability of guest access since users may intentionally provide false information upon registration and no attempt is made by the system to validate their identity.
Finally, a simple solution is to dedicate phone lines for guest dial-up usage. This solution obviously removes any threats to the local corporate network, need for traceability and burden on IT personnel but it significantly lowers the flexibility and speed of a guest access system; moreover, with the spread of broadband connections, a large number of guests may not have dial up accounts anymore.